[Dashboard] Fix Path Resolution on Windows (ray-project#41388)

Use 'PurePosixPaths' when trying to canonicalize URL paths. This ensures that path resolution is independent of the underlying operating system and fixes the Ray Dashboard for Windows.
ujjawal-khare-27 · Nov 29, 2023 · a5a8462 · a5a8462
1 parent 24a2518
commit a5a8462
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/dashboard/http_server_head.py b/dashboard/http_server_head.py
@@ -130,14 +130,19 @@ def get_address(self):
     @aiohttp.web.middleware
     async def path_clean_middleware(self, request, handler):
         if request.path.startswith("/static") or request.path.startswith("/logs"):
-            parent = pathlib.Path(
+            parent = pathlib.PurePosixPath(
                 "/logs" if request.path.startswith("/logs") else "/static"
             )
 
             # If the destination is not relative to the expected directory,
             # then the user is attempting path traversal, so deny the request.
-            request_path = pathlib.Path(request.path).resolve()
+            request_path = pathlib.PurePosixPath(
+                pathlib.posixpath.realpath(request.path)
+            )
             if request_path != parent and parent not in request_path.parents:
+                logger.info(
+                    f"Rejecting {request_path=} because it is not relative to {parent=}"
+                )
                 raise aiohttp.web.HTTPForbidden()
         return await handler(request)